Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/yMW530oAssy1kMqkotdhzU_akek.roa
File:                     yMW530oAssy1kMqkotdhzU_akek.roa (raw, json)
Hash identifier:          MvGIgNI41FNSEca3Q5o8+N9orEDWUKtTolPM4F003Qg=
Subject key identifier:   C8:C5:B9:DF:4A:00:B2:CC:B5:90:CA:A4:A2:D7:61:CD:4F:DA:91:E9
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01917622E2B71CD681E78FA629D5C9025BC4
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/yMW530oAssy1kMqkotdhzU_akek.roa
Signing time:             Wed 21 Aug 2024 18:11:23 +0000
ROA not before:           Wed 21 Aug 2024 18:11:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34882
IP address blocks:        45.151.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:22:e2:b7:1c:d6:81:e7:8f:a6:29:d5:c9:02:5b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 21 18:11:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8c5b9df4a00b2ccb590caa4a2d761cd4fda91e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e3:62:36:d4:69:db:5a:9b:92:ac:e5:98:0b:
                    5d:ba:90:b9:a2:75:70:94:61:e5:2a:92:a9:85:63:
                    6f:50:b8:b1:97:8a:08:57:c3:5a:ec:09:e0:83:ea:
                    cf:af:cb:bc:4b:4b:0c:17:9b:67:33:c9:2e:5c:da:
                    dc:cc:98:66:d7:2b:b9:fa:48:a8:2c:2e:ae:7c:11:
                    45:c9:36:43:26:8b:fb:3f:ab:05:a6:4c:ba:6a:ac:
                    cb:b8:bc:ac:35:10:87:aa:4a:55:68:e5:f1:5e:ec:
                    88:22:56:c9:22:71:99:c9:13:3d:6d:47:85:c6:a6:
                    65:76:a0:36:87:a6:b1:37:5d:49:60:c3:41:2f:d6:
                    31:df:87:bb:5b:26:ff:68:2c:fb:9d:e5:73:11:b1:
                    49:88:bc:dc:bc:a5:b0:c0:33:0b:0a:14:6f:ca:c0:
                    43:e6:65:eb:26:15:bf:e8:70:3c:e4:37:01:7c:f9:
                    88:80:23:61:09:e3:07:72:7b:c9:44:94:47:d9:34:
                    d8:f0:78:16:b2:1d:d8:09:97:ed:50:86:70:06:58:
                    64:f3:51:c6:50:a8:46:0d:46:64:5e:be:cb:8b:65:
                    5e:3c:a9:49:55:ed:05:2c:cf:9f:16:9b:ea:55:15:
                    b9:5d:a6:24:62:2d:ce:e6:c4:3b:aa:f9:82:4e:54:
                    fd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C5:B9:DF:4A:00:B2:CC:B5:90:CA:A4:A2:D7:61:CD:4F:DA:91:E9
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/yMW530oAssy1kMqkotdhzU_akek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f8:05:02:5d:a8:96:68:60:fc:ce:ff:cf:80:d6:82:ba:ab:
         c9:59:f3:99:d3:13:f0:06:5f:de:12:56:be:79:45:10:fc:05:
         7e:81:0b:3f:fc:43:38:8f:d9:e7:aa:c1:87:be:fd:34:5f:4a:
         61:f8:1e:32:d2:b6:75:58:6a:19:12:bd:23:2d:83:5f:98:4b:
         8f:ca:c0:29:2b:3d:91:07:c4:fd:4b:be:a0:63:03:b5:11:e2:
         ee:40:63:92:22:54:86:00:2d:54:87:e8:aa:28:00:37:56:d6:
         ee:2e:eb:7f:87:35:8c:3a:b1:c4:bc:ee:0e:c4:af:6f:96:8c:
         5d:87:15:95:a1:27:68:fa:b0:84:93:b0:f7:6d:29:5e:ae:74:
         30:f8:e9:17:19:5a:78:36:88:3b:03:2f:89:fe:c6:02:a2:d0:
         66:a7:97:a6:21:01:22:37:4a:77:9d:5c:9e:6e:ab:75:c2:49:
         5e:01:5d:cd:4c:99:28:56:5e:bd:2c:22:1a:bd:10:8f:c7:4a:
         b1:29:8e:49:37:b9:a7:17:e5:15:5a:5e:45:ec:bf:6d:80:4b:
         72:51:44:36:d4:2d:ef:1c:17:f4:b7:16:b0:4f:74:24:e1:76:
         54:d9:89:05:56:8b:ab:ca:87:fd:40:7d:50:0a:9f:de:37:0c:
         f2:05:5a:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF2IuK3HNaB54+mKdXJAlvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODIxMTgxMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGM1YjlkZjRhMDBiMmNjYjU5MGNhYTRhMmQ3NjFjZDRmZGE5MWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeNiNtRp21qbkqzlmAtdupC5onVw
lGHlKpKphWNvULixl4oIV8Na7Angg+rPr8u8S0sMF5tnM8kuXNrczJhm1yu5+kio
LC6ufBFFyTZDJov7P6sFpky6aqzLuLysNRCHqkpVaOXxXuyIIlbJInGZyRM9bUeF
xqZldqA2h6axN11JYMNBL9Yx34e7Wyb/aCz7neVzEbFJiLzcvKWwwDMLChRvysBD
5mXrJhW/6HA85DcBfPmIgCNhCeMHcnvJRJRH2TTY8HgWsh3YCZftUIZwBlhk81HG
UKhGDUZkXr7Li2VePKlJVe0FLM+fFpvqVRW5XaYkYi3O5sQ7qvmCTlT9uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjFud9KALLMtZDKpKLXYc1P2pHpMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEveU1XNTMwb0Fzc3kxa01xa290ZGh6VV9ha2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZccMA0G
CSqGSIb3DQEBCwUAA4IBAQA4+AUCXaiWaGD8zv/PgNaCuqvJWfOZ0xPwBl/eEla+
eUUQ/AV+gQs//EM4j9nnqsGHvv00X0ph+B4y0rZ1WGoZEr0jLYNfmEuPysApKz2R
B8T9S76gYwO1EeLuQGOSIlSGAC1Uh+iqKAA3VtbuLut/hzWMOrHEvO4OxK9vloxd
hxWVoSdo+rCEk7D3bSlernQw+OkXGVp4Nog7Ay+J/sYCotBmp5emIQEiN0p3nVye
bqt1wkleAV3NTJkoVl69LCIavRCPx0qxKY5JN7mnF+UVWl5F7L9tgEtyUUQ21C3v
HBf0txawT3Qk4XZU2YkFVouryof9QH1QCp/eNwzyBVrh
-----END CERTIFICATE-----